https://community.cisco.com/t5/network-security/advise-needed-for-pix-squid-proxy-configuration/m-p/383061#M558932 <P>Senario:</P><P></P><P>Note: Squid proxy at DMZ of PIX (single legged).</P><P></P><P>Inside LAN: 192.168.22.0 /24</P><P>DMZ : 172.16.10.0 /24</P><P></P><P>How to go ahead to configure PIX acl to forward all http, https, ftp traffic iniated from inside LAN to Internet?</P><P></P><P>eg.</P><P></P><P>access-list dmz_in permit tcp host proxy any eq www </P><P>access-list dmz_in permit tcp host proxy any eq https</P><P>access-list dmz_in permit tcp host proxy any range 20 21 </P><P>access-list dmz_in permit tcp host proxy eq www 192.168.22.0 255.255.255.0 </P><P>access-list dmz_in permit tcp host proxy eq https 192.168.22.0 255.255.255.0</P><P>access-list dmz_in permit tcp host proxy range 20 21 192.168.22.0 255.255.255.0</P><P></P><P>access-list inside_in permit tcp 192.168.22.0 255.255.255.0 host proxy eq 8080</P><P></P><P>Can this config works?</P><P>Any expert to help out there?</P><P> </P><P></P> Fri, 21 Feb 2020 08:06:23 GMT wanghmk1223 2020-02-21T08:06:23Z https://community.cisco.com/t5/network-security/advise-needed-for-pix-squid-proxy-configuration/m-p/383061#M558932 <P>Senario:</P><P></P><P>Note: Squid proxy at DMZ of PIX (single legged).</P><P></P><P>Inside LAN: 192.168.22.0 /24</P><P>DMZ : 172.16.10.0 /24</P><P></P><P>How to go ahead to configure PIX acl to forward all http, https, ftp traffic iniated from inside LAN to Internet?</P><P></P><P>eg.</P><P></P><P>access-list dmz_in permit tcp host proxy any eq www </P><P>access-list dmz_in permit tcp host proxy any eq https</P><P>access-list dmz_in permit tcp host proxy any range 20 21 </P><P>access-list dmz_in permit tcp host proxy eq www 192.168.22.0 255.255.255.0 </P><P>access-list dmz_in permit tcp host proxy eq https 192.168.22.0 255.255.255.0</P><P>access-list dmz_in permit tcp host proxy range 20 21 192.168.22.0 255.255.255.0</P><P></P><P>access-list inside_in permit tcp 192.168.22.0 255.255.255.0 host proxy eq 8080</P><P></P><P>Can this config works?</P><P>Any expert to help out there?</P><P> </P><P></P> Fri, 21 Feb 2020 08:06:23 GMT https://community.cisco.com/t5/network-security/advise-needed-for-pix-squid-proxy-configuration/m-p/383061#M558932 wanghmk1223 2020-02-21T08:06:23Z https://community.cisco.com/t5/network-security/advise-needed-for-pix-squid-proxy-configuration/m-p/383062#M558935 <HTML><HEAD></HEAD><BODY><P>anyone? help pls?</P></BODY></HTML> Tue, 26 Apr 2005 13:28:11 GMT https://community.cisco.com/t5/network-security/advise-needed-for-pix-squid-proxy-configuration/m-p/383062#M558935 wanghmk1223 2005-04-26T13:28:11Z https://community.cisco.com/t5/network-security/advise-needed-for-pix-squid-proxy-configuration/m-p/383063#M558941 <HTML><HEAD></HEAD><BODY><P>Look good but you need also DNS !</P><P></P><P>access-list dmz_in permit udp host proxy any eq 53</P><P>access-list dmz_in permit tcp host proxy any eq www</P><P>access-list dmz_in permit tcp host proxy any eq https</P><P>access-list dmz_in permit tcp host proxy any range 20 21</P><P></P><P>access-list inside_in deny tcp any any eq www</P><P>access-list inside_in deny tcp any any eq https</P><P>access-list inside_in deny tcp any any range 20 21</P><P>access-list inside_in permit tcp 192.168.22.0 255.255.255.0 host proxy eq 8080 </P><P>access-list inside_in permit ip any any</P><P></P><P>This should work ! Reconfigure the Internet Browsers to use the proxy server on port 8080.</P><P></P><P>Remove this line if the DMZ does not really does establish connections to the inside network.</P><P></P><P>access-list dmz_in permit tcp host proxy eq www 192.168.22.0 255.255.255.0</P><P>access-list dmz_in permit tcp host proxy eq https 192.168.22.0 255.255.255.0</P><P>access-list dmz_in permit tcp host proxy range 20 21 192.168.22.0 255.255.255.0 </P><P></P><P>sincerely</P><P>Patrick</P><P></P></BODY></HTML> Tue, 26 Apr 2005 23:09:55 GMT https://community.cisco.com/t5/network-security/advise-needed-for-pix-squid-proxy-configuration/m-p/383063#M558941 Patrick Iseli 2005-04-26T23:09:55Z https://community.cisco.com/t5/network-security/advise-needed-for-pix-squid-proxy-configuration/m-p/383064#M558945 <HTML><HEAD></HEAD><BODY><P>Thank you so much. Will try and let you know.</P><P>Thanks once again.</P></BODY></HTML> Wed, 27 Apr 2005 00:33:06 GMT https://community.cisco.com/t5/network-security/advise-needed-for-pix-squid-proxy-configuration/m-p/383064#M558945 wanghmk1223 2005-04-27T00:33:06Z https://community.cisco.com/t5/network-security/advise-needed-for-pix-squid-proxy-configuration/m-p/383065#M558947 <HTML><HEAD></HEAD><BODY><P>How did it work ?</P><P></P><P>sincerely</P><P>Patrick</P></BODY></HTML> Wed, 27 Apr 2005 13:52:00 GMT https://community.cisco.com/t5/network-security/advise-needed-for-pix-squid-proxy-configuration/m-p/383065#M558947 Patrick Iseli 2005-04-27T13:52:00Z https://community.cisco.com/t5/network-security/advise-needed-for-pix-squid-proxy-configuration/m-p/383066#M558950 <HTML><HEAD></HEAD><BODY><P>No really. i shd allow LAN (tcp) -&gt; proxy using port 8080 first then applied all deny to http,https,ftp. etc.</P><P></P><P>Now the problem is the window authentication (win2k3 active directory) at inside LAN whereas proxy is at DMZ.</P><P></P><P>what ports shd i allow between both to get the proxy auth. works with my win2k3 active directory?</P><P>is it only tcp 445 and 88 + udp 88 only ?</P><P></P><P>anyone can advise?</P></BODY></HTML> Fri, 29 Apr 2005 00:50:24 GMT https://community.cisco.com/t5/network-security/advise-needed-for-pix-squid-proxy-configuration/m-p/383066#M558950 wanghmk1223 2005-04-29T00:50:24Z